Commit Graph

211 Commits

Author SHA1 Message Date
John Allison
7543eedd6a fixing issue when using accessible_by with nil can conditions - closes 2010-05-20 17:06:10 -07:00
Logan Raarup
605063b974 Make sure conditions on associations are pluralized 2010-05-21 07:31:29 +08:00
Sokolov Yura
7d7d249182 passing throw matching rules with not matching conditions
Main goal is to allow:

cannot :manage, :all
can :read, :all
can :manage, User, :id=>user.id
can :manage, User, :manager_id=>user.id

Signed-off-by: Sokolov Yura <funny.falcon@gmail.com>
2010-05-16 22:13:02 +04:00
Ryan Bates
06296b0a40 support has_many association or arrays in can conditions hash 2010-04-22 17:39:22 -07:00
Ryan Bates
e20081454f adding joins clause to accessible_by when conditions are across associations 2010-04-20 17:02:28 -07:00
Ryan Bates
4da31c0709 can has cheezburger? (thanks Seivan) 2010-04-20 14:24:26 -07:00
Ryan Bates
5aa6252df6 removing unused methods and a bit more refactoring 2010-04-18 00:44:42 -07:00
Ryan Bates
bbbc8a68e0 refactoring much of Ability class into separate CanDefinition class 2010-04-18 00:11:15 -07:00
Ryan Bates
232ecd5b4b releasing 1.1.1 which fixes behavior in Rails 3 by properly initializing ResourceAuthorization 2010-04-17 14:01:20 -07:00
Ryan Bates
f1ba76b61b supporting arrays, ranges, and nested hashes in ability conditions 2010-04-17 11:54:27 -07:00
Ryan Bates
283f58ee16 improving readme with links to wiki 2010-04-17 11:45:41 -07:00
Ryan Bates
f46696348e allow access to classes when using hash conditions since you'll generally want to narrow it down with a database query 2010-04-16 15:56:07 -07:00
Ryan Bates
8903feee70 removing unauthorized! in favor of authorize! and including more information in AccessDenied exception - closes 2010-04-16 14:54:18 -07:00
Ryan Bates
ecf2818a9e removing apparently unnecessary user attr_accessor in Ability 2010-04-16 08:57:10 -07:00
Ryan Bates
d9f3c8b0ae renaming noun to subject internally 2010-04-16 08:55:36 -07:00
Ryan Bates
240c281061 renaming ActiveRecordAdditions#can method to accessible_by since it flows better and makes more sense 2010-04-15 23:54:45 -07:00
Ryan Bates
ef5900c5b1 adding caching to current_ability class method, if you're overriding this be sure to add caching there too 2010-04-15 23:28:04 -07:00
Ryan Bates
37f482e8d5 default ActiveRecordAdditions#can method action to :read and use 'scoped' if 'where' is not available 2010-04-15 23:18:49 -07:00
Ryan Bates
3c68a911d0 adding can method to Active Record for fetching records matching a specific ability, still needs documentation 2010-04-15 17:04:36 -07:00
Ryan Bates
baeef0b9dd adding conditions behavior to Ability#can and fetch with Ability#conditions - closes 2010-04-15 16:50:47 -07:00
Ryan Bates
23a5888fe0 renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - closes 2010-04-15 14:14:22 -07:00
Ryan Bates
f2a1695636 properly handle Admin::AbilitiesController in params[:controller] - closes 2010-04-15 13:10:12 -07:00
Ryan Bates
6e1e96c85a allow additional arguments for be_able_to matcher, this requires Ruby 1.8.7 or higher to use matcher 2010-04-15 12:04:43 -07:00
David Chelimsky
cf49c5b9de add be_able_to matcher 2010-04-16 02:46:03 +08:00
David Chelimsky
35c4864de4 simplify paths 2010-04-16 02:46:02 +08:00
Ryan Bates
510cf509ee adding documentation for passing additional arguments to can? 2010-04-15 11:28:58 -07:00
Ryan Bates
69f7a65914 support additional arguments to can? which get passed to the block - closes 2010-04-15 11:21:44 -07:00
Ryan Bates
7d3b4cdbc2 Adding clear_aliased_actions to Ability which removes previously defined actions including defaults 2009-12-30 18:01:40 -08:00
Ryan Bates
f99d506050 Append aliased actions (don't overwrite them) - closes 2009-12-30 17:49:49 -08:00
Ryan Bates
ef22de689b adding custom message argument to unauthorized! method - closes 2009-12-15 10:53:05 -08:00
Ryan Bates
021f33c9a0 Adding :class option to load_resource so one can customize which class to use for the model - closes 2009-12-14 08:31:49 -08:00
Ryan Bates
e9f01300b6 Don't fetch parent of nested resource if *_id parameter is missing so it works with shallow nested routes - closes 2009-12-14 08:18:08 -08:00
Ryan Bates
ffa677b2b0 Don't set resource instance variable if it has been set already - closes 2009-12-13 12:32:09 -08:00
Ryan Bates
a75aee751b Allowing :nested option to accept an array for deep nesting 2009-12-13 12:22:05 -08:00
Ryan Bates
51fa61bbae refactoring out resource loading/building logic into separate class 2009-12-13 12:11:02 -08:00
Ryan Bates
cd217eb9cf adding :nested option for load_resource - closes 2009-12-13 11:39:02 -08:00
Ryan Bates
94e031bf96 Pass :only and :except options to before filters for load/authorize resource methods. 2009-12-13 11:00:12 -08:00
Ryan Bates
63634b4f5d Adding :collection and :new options to load_resource method so we can specify behavior of additional actions if needed. 2009-12-13 10:42:10 -08:00
Ryan Bates
a5f98824a0 turning load and authorize resource methods into class methods which set up the before filter so they can accept additional arguments 2009-12-13 10:03:21 -08:00
Ryan Bates
e32c5d0dfb calling controller's load_resource and authorize_resource from load_and_authorize_resource to maintain backwards compatability, even though it's not the most efficient way 2009-11-26 09:53:16 -08:00
Ryan Bates
da5a5c031f refactoring out controller logic into separate ResourceAuthorization class - closes 2009-11-26 09:29:53 -08:00
Rafael Silva
e92a7d8bf4 Some refactor to be more DRY 2009-11-26 09:38:14 +08:00
Ryan Bates
c40490d672 refactoring ability can? method - closes 2009-11-25 17:31:40 -08:00
Ryan Bates
d4405e6070 adding cannot method to define which abilities cannot be done - closes 2009-11-25 10:25:58 -08:00
Ryan Bates
e60365505c support custom objects (usually symbols) in can definition - closes 2009-11-25 09:55:50 -08:00
Ryan Bates
5bd1a85410 little fixes to inline documentation (rdocs) 2009-11-19 09:46:30 -08:00
Ryan Bates
b9227eb971 adding a lot of inline documentation to code for rdocs 2009-11-17 16:56:16 -08:00
Ryan Bates
15a01a579c fixing behavior of load_and_authorize_resource for namespaced controllers - closes 2009-11-17 11:59:59 -08:00
Ryan Bates
766fe86a9f support arrays being passed to 'can' to specify multiple actions or classes - closes 2009-11-17 11:46:27 -08:00
Ryan Bates
0f49b5478f adding 'cannot?' method which performs opposite check of 'can?' - closes 2009-11-17 10:46:16 -08:00
Ryan Bates
1edf583110 BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to set up abilities - closes 2009-11-17 10:25:47 -08:00
Ryan Bates
4b6f538663 moving can definition into ability instance instead of class, this removes ugly instance_exec command 2009-11-16 19:59:40 -08:00
Ryan Bates
7b299b50fc fix resource loading for new action 2009-11-16 19:26:33 -08:00
Ryan Bates
aaed265c91 turning into a funtioning Rails plugin 2009-11-16 19:24:04 -08:00
Ryan Bates
1034c81763 adding a before filter for loading and authorizing a resource 2009-11-16 19:00:10 -08:00
Ryan Bates
44b36ce2fc adding controller additions with basic behavior. 2009-11-16 17:02:49 -08:00
Ryan Bates
c663effc06 using instance_exec to change scope of can blocks to instance of ability, this is a bit ugly so I may end up using methods instead 2009-11-16 16:24:36 -08:00
Ryan Bates
be1892cca8 adding initial aliases for index, show, new and edit 2009-11-16 15:09:25 -08:00
Ryan Bates
0b8b51b4fc adding aliasing of actions 2009-11-16 14:58:00 -08:00
Ryan Bates
6c89c32059 adding manage action which applies to everything 2009-11-16 14:42:41 -08:00
Ryan Bates
0cfb8c7c41 adding basic ability module 2009-11-16 14:28:52 -08:00